tapak |
Posted: Tue Nov 21, 2006 9:29 am Post subject: Getting 2035 error after etrust installation |
|
|
 Centurion
Joined: 26 Oct 2005 Posts: 149 Location: Hartford,CT
|
We are getting a 2035 error after eTrust installation. Anyone come across similar problems with eTrust?
Here is the scenario.
The application is sending a message as a Java client to a remote q definition on a Solaris machine. The remote q points to a local queue on the mainframe, and eTrust is installed on the Solaris machine. The Java application is using the following options while opening the queue: MQOO_OUTPUT|MQOO_SET_IDENTITY_CONTEXT
The group has setid permission to access the queue.
Still getting the 2035 error. It was working before eTrust was installed. Not sure what is causing the problem.
To make sure the userid and group have the correct permissions, I created a sample program and created test queues similar to the production ones, and my sample program is working.
We ran the trace, but couldn't find any error related to 2035. But the trace has rc=krcI_TRIGGER_RULE_FAILED. Does this error cause 2035?
Thanks in advance for any help. |
mreddington |
Posted: Tue Nov 21, 2006 11:11 am Post subject: 2035 |
|
|
Voyager
Joined: 14 Aug 2006 Posts: 78
|
2035 error is MQRC_NOT_AUTHORIZED error. It basically means that the user is not authorized to perform the operation. Check the authorities properly and then try connecting to the queue manager. |
RogerLacroix |
Posted: Tue Nov 21, 2006 8:30 pm Post subject: Re: Getting 2035 error after etrust installation |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
tapak wrote: |
We are getting a 2035 error after eTrust installation. Anyone come across similar problems with eTrust?
Here is the scenario.
The application is sending a message as a Java client to a remote q definition on a Solaris machine. The remote q points to a local queue on the mainframe, and eTrust is installed on the Solaris machine. The Java application is using the following options while opening the queue: MQOO_OUTPUT|MQOO_SET_IDENTITY_CONTEXT
The group has setid permission to access the queue.
Still getting the 2035 error. It was working before eTrust was installed. Not sure what is causing the problem.
To make sure the userid and group have the correct permissions, I created a sample program and created test queues similar to the production ones, and my sample program is working.
We ran the trace, but couldn't find any error related to 2035. But the trace has rc=krcI_TRIGGER_RULE_FAILED. Does this error cause 2035?
Thanks in advance for any help. |
I feel sorry for you - I went through hell a little while ago at a customer site getting eTrust and WMQ (on Solaris) to play nice together.
(1) eTrust gets totally confused by the links in the /usr/bin directory.
(2) eTrust has problems with the 'sticky' bit being set.
(3) eTrust's mass load utility is flaky / broken. You use the batch scan utility to scan directories and it creates a file that is fed into the batch loader. The loader will skip items, sometimes only process 60% of the file, and generally not process the file but never give any errors.
(4) We had an eTrust on each server and also once a week, some server would have a 'corrupted eTrust database'. Hence, you had to start all over AGAIN.
(5) eTrust had problems with child of child processes. i.e. runmqlsr internally launches amqrmppa.
(6) When you apply a CSD, eTrust immediately locks you out and you go through hell re-certifying everything AGAIN.
Turn on your eTrust logging facility and then start WMQ. eTrust will 'generally' log what it is blocking. If your eTrust Admin sees any warning or error messages then they MUST be fixed / resolved otherwise eTrust will not let WMQ function correctly.
All I can say is good luck and sorry you are about to go through a real nightmare.
Regards,
Roger Lacroix
Capitalware Inc. |
tapak |
Posted: Fri Nov 24, 2006 6:50 am Post subject: |
|
|
 Centurion
Joined: 26 Oct 2005 Posts: 149 Location: Hartford,CT
|
Hi Roger,
Thanks for the detailed info. Anyway, we created a ticket with IBM with the trace info. Let us wait to see what IBM comes up with.
Thanks, Deepak |
Nigelg |
Posted: Mon Nov 27, 2006 1:03 am Post subject: |
|
|
Grand Master
Joined: 02 Aug 2004 Posts: 1046
|
Quote: |
we created a ticket with IBM with the trace info |
An odd reaction to Roger's post, which blames these problems on eTrust, not WMQ. _________________ MQSeries.net helps those who help themselves.. |
sjensen |
Posted: Mon Nov 27, 2006 6:03 am Post subject: |
|
|
Centurion
Joined: 18 Dec 2003 Posts: 134 Location: London
|
Hi,
Ah, the joys of ETrust.. it is normally recommended to run it in warning mode until the logs are clear.
You can check for warnings like this:
Code: |
seaudit -a | grep " W "
|
and for denials like this:
Code: |
seaudit -a | grep " D "
|
to see the violations within a time window:
Code: |
seaudit -a -g -sd <date> -st <time> -ed <date> -et <time>
|
There should be a rebuild.sh script in ETrust's lbin directory (on Solaris at least) to rebuild the lookaside database.
Good luck, it is needed for ETrust |
tapak |
Posted: Fri Dec 01, 2006 8:12 am Post subject: Problem solved without any changes |
|
|
 Centurion
Joined: 26 Oct 2005 Posts: 149 Location: Hartford,CT
|
Thank you for all the inputs.
The problem resolved this week without doing any changes on the MQ side other than a restart that happened on the weekend. Not sure what caused the problem.
When we had the problem, we added mqm to the serverconn MCAUSERID from blank to get it to work for the time being. This week we reverted the changes for debugging purposes and it worked. |